net2phone rules

Mohammad Khan mkhan at lextranet.com
Mon Feb 14 23:16:07 CET 2005


On Tue, 2005-02-08 at 01:01, varun_saa at vsnl.net wrote:
> Hello,
>       I want my firewall to allow Net2phone.
> 
> A visit to http://web.net2phone.com/consumer/commcenter/helpfirewall.asp
> states that you need to open up at least three ports:
> tcp 80 - tcp 6800 - udp 6801.
> 
> Should one use an INPUT or FORWARD rule?

Depends on where your net2phone client is.
If it is *NOT* on your firewall, use FORWARD.

I visited the net2phone link; your forward rules should be:

# The following two rules allow logging in,
# maintaining online status, and instant messaging
-A FORWARD -s internal_net_ips -d relay.net2phone.com -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s relay.net2phone.com -p tcp --sport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# The following two rules allow voice packets to go out
-A FORWARD -s internal_net_ips -p tcp --sport 6800 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s internal_net_ips -p udp --sport 6801 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# The following two rules allow voice packets to get in
-A FORWARD -d external_ip -p tcp --dport 6800 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d external_ip -p udp --dport 6801 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


The above rules can be made more restrictive!


Enjoy firewalling.

Mohammad


-- 
"Mad cow? You'd be mad too, if someone was trying to eat you."
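
One way to tighten the rules in the reply above, as an added example that is not part of the original post: a single ESTABLISHED,RELATED rule carries all return traffic, so each service rule matches NEW only and the separate rule accepting packets from the relay's port 80 is dropped. The function names `n2p_rules` and `n2p_lint` and the sample addresses are assumptions made for this example; the ports and the relay host name are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the original post). Emits a FORWARD rule set in
# iptables-restore syntax and lints rule sets for two mistakes.
# Function names are hypothetical; sample addresses are constructed
# (RFC 1918 / RFC 5737 ranges).

n2p_rules() {
    internal_net=$1   # internal network, e.g. 192.168.1.0/24
    external_ip=$2    # address the inbound voice rules match on
    relay=$3          # relay host named in the thread
    cat <<EOF
*filter
# Replies to connections accepted below; no per-service return rule
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Login, online status, instant messaging: only the inside may open it
-A FORWARD -s $internal_net -d $relay -p tcp --dport 80 -m state --state NEW -j ACCEPT
# Voice packets going out
-A FORWARD -s $internal_net -p tcp --sport 6800 -m state --state NEW -j ACCEPT
-A FORWARD -s $internal_net -p udp --sport 6801 -m state --state NEW -j ACCEPT
# Voice packets coming in
-A FORWARD -d $external_ip -p tcp --dport 6800 -m state --state NEW -j ACCEPT
-A FORWARD -d $external_ip -p udp --dport 6801 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Lint rules read from stdin: print each offending rule, return 1 if any.
n2p_lint() {
    awk '
        /^-A / {
            # --sport/--dport is only valid after -p tcp or -p udp
            if (/--[sd]port/ && !/ -p (tcp|udp) /) { print "no -p: " $0; bad = 1 }
            # a reply-direction rule (source port 80) must not accept NEW
            if (/--sport 80 / && /--state [A-Z,]*NEW/) { print "NEW on reply rule: " $0; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Stand-alone run with constructed sample values
n2p_rules 192.168.1.0/24 203.0.113.10 relay.net2phone.com | n2p_lint \
    && echo "generated rule set passes lint"
```

The output of `n2p_rules` can be reviewed and then loaded with `iptables-restore --noflush`, which adds the rules without clearing what is already loaded.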



